New research from TowerGroup finds that businesses are not doing nearly enough to prevent the loss or theft of customers’ personal information. The pace of data loss is quickening across many industries, including financial services, because businesses commonly maintain customer databases that contain personally identifiable information (PII) but do not have clear data-protection policies or technologies in place.
Since the end of 2006, the total number of lost records reported has increased 50%. TowerGroup expects the rising loss rate to provoke louder demands from both the public and government for businesses to strengthen data protection and become more financially and legally liable for security breaches.
For years, financial services institutions have been collecting customer and prospect data on purchases, balances, transactions, service interactions, click streams, and marketing responses. Conventional wisdom equated data with knowledge. But the practice of collecting data in an unchecked fashion is leading to more problems than solutions. While the success of multifactor authentication for online account log-ins has reduced the effectiveness of phishing and malware schemes, criminals continue to develop new techniques for committing financial fraud.
Solving the issue of data loss is complex. However, by combining new technologies with basic security practices, companies can dramatically reduce or even eliminate most data loss. Listed below are the essential elements for more effective data loss prevention programs:
- Policy formulation, dissemination, and enforcement
- Data discovery
- Risk assessment
- Data consolidation
- Access control
- Communication monitoring